4075 matches found
[SECURITY] Fedora 42 Update: qt5-qttranslations-5.15.18-1.fc42
Qt5 - QtTranslations module...
[SECURITY] Fedora 42 Update: fcitx-qt5-1.2.6-30.fc42
This package provides Fcitx Qt5 input context...
CVE-2025-60753
An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash)...
CVE-2025-64458
An issue was discovered in Django 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8. NFKC normalization in Python is slow on Windows. As a consequence, django.http.HttpResponseRedirect, django.http.HttpResponsePermanentRedirect, and the shortcut django.shortcuts.redirect were subject to a...
CVE-2025-46404
A denial of service vulnerability exists in the lasso_provider_verify_saml_signature functionality of Entr'ouvert Lasso 2.5.1. A specially crafted SAML response can lead to a denial of service. An attacker can send a malformed SAML response to trigger this vulnerability...
CVE-2025-62769
Potential SQL injection via connector keyword argument in QuerySet and Q objects...
GHSA-5RRX-JJJQ-Q2R5 vulnerabilities
Vulnerabilities for packages: dotnet, dotnet-bootstrap...
GHSA-5JPX-9HW9-2FX4 vulnerabilities
Vulnerabilities for packages: langfuse, jitsucom-jitsu...
CVE-2025-37727 vulnerabilities
Vulnerabilities for packages: elasticsearch-fips, ruby3.3-elasticsearch, ruby3.4-elasticsearch, ruby3.2-elasticsearch...
GHSA-56R7-H6MW-RCFV vulnerabilities
Vulnerabilities for packages: elasticsearch-fips, ruby3.3-elasticsearch, ruby3.4-elasticsearch, ruby3.2-elasticsearch...
xorg: xwayland: Use-after-free in XPresentNotify structure creation
A flaw was found in the X.Org X server and Xwayland when processing X11 Present extension notifications. Improper error handling during notification creation can leave dangling pointers that lead to a use-after-free condition. This can cause memory corruption or a crash, potentially allowing an...
[SECURITY] Fedora 42 Update: rust-manyhow-macros-0.11.4-1.fc42
Macro for manyhow...
[SECURITY] Fedora 41 Update: rust-reqsign-http-send-reqwest-2.0.0-1.fc41
Reqwest-based HTTP client implementation for reqsign...
[SECURITY] Fedora 41 Update: rust-manyhow-0.11.4-1.fc41
Proc macro error handling à la anyhow x proc-macro-error...
Astra Linux - vulnerability in vim
Use After Free in GitHub repository vim/vim prior to 8.2...
GHSA-JV6H-4262-Q663 vulnerabilities
Vulnerabilities for packages: guacamole-client, logstash-fips, opensearch...
SUSE CVE-2025-12440
Inappropriate implementation in Autofill in Google Chrome prior to 142.0.7444.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Low...
CVE-2025-36137 IBM Sterling Connect:Direct for UNIX command execution
IBM Sterling Connect Direct for Unix 6.2.0.7 through 6.2.0.9 iFix004, 6.4.0.0 through 6.4.0.2 iFix001, and 6.3.0.2 through 6.3.0.5 iFix002 incorrectly assigns permissions for maintenance tasks to Control Center Director (CCD) users that could allow a privileged user to escalate their privileges...
CVE-2025-12060
The keras.utils.get_file API in Keras, when used with the extract=True option for tar archives, is vulnerable to a path traversal attack. The utility uses Python's tarfile.extractall function without the filter="data" feature. A remote attacker can craft a malicious tar archive containing special...